›› At a glance
- Delivery model
- Tech-agnostic (works with your tools)
- Response authority
- Alert-only
- MTTA SLA
- Not disclosed
- Coverage
- 24×7 · 1 SOC region
- Surfaces
- Cloud
- IR retainer
- Separate
- Customers (public)
- Approximately 1,000 Nordic private, public and third-sector customers across Innofactor
- SOC analysts
- Innofactor employs approximately 600 professionals across Finland, Sweden, Denmark and Norway. MDR-specific analyst count is not published.
- Onboarding
- Innofactor says the core infrastructure resides in the customer's Azure cloud environment and needs no on-premises infrastructure. It describes deployment as rapid and light, but does not publish a standard onboarding duration.
›› Best for
›› IDEAL FOR
- Nordic buyers already committed to Microsoft Azure and Sentinel
- Organizations that want MDR data to stay in their own Azure environment
- Teams that want a step-up path from business-hours monitoring to 24/7 MDR
›› NOT IDEAL FOR
- Buyers that need public MDR pricing or response SLAs before sales engagement
- Teams that want endpoint and network detection included in a base MDR package
- Organizations that need autonomous containment without internal approval
›› Coverage
Endpoint
Add-on
Cloud
Included
Identity
Limited
SaaS
Not offered
Network
Add-on
OT / IoT
Not offered
›› COMPATIBLE TOOLS
EDR
SIEM
Cloud
›› ADDITIONAL CAPABILITIES
›› Incident response
- Monitoring
- 24/7 · Innofactor publishes a cross-Nordic and multi-local CSOC. Tier3 Advanced runs 24/7, 365 days a year. Exact shift model and analyst-to-customer ratio are not published
- First response
- Alert only — provider notifies your team with recommended actions
- Containment
- None documented
- Notification
- Phone · Email
- Response SLA
- Not disclosed · Innofactor publishes three service levels.
- IR included
- No — separate retainer
›› DETECTION QUALITY
- MTTD (detect)
- Not published
- MTTR (respond)
- Not published
- False positives
- Innofactor describes Microsoft Sentinel SIEM, user and entity behavior analytics and Darktrace NDR behavior analytics as security elements, but does not publish a false-positive methodology for MDRaaS.
›› THREAT HUNTING
- Included
- Yes — in base service
- Approach
- reactive
- Frequency
- Included on Tier3 Advanced. Exact hunt cadence not published.
›› Pricing
Tiered custom quote. Innofactor publishes Basic, Standard and Advanced MDRaaS tiers, each marked ask for pricing.. Tier1 basic or tier2 standard or tier3 advanced or custom contracts.
- Indicative price
- Not published
What costs extra
- -Exact MDRaaS pricing requires an Innofactor quote
- -EDR with the Microsoft Defender product family is an add-on service
- -NDR with Darktrace is an add-on service
- -Tier3 Advanced is required for 24/7 service and threat hunting
- -Microsoft Azure, Microsoft Sentinel, Defender and Darktrace licensing can affect total cost
Cost caveats
- -Tier1 and Tier2 cover regular business hours, not 24/7.
- -Endpoint and network detection are add-ons, so base SIEM-only scope may be narrower than buyers expect.
- -Public pages do not publish named response actions or response SLAs.
- -Customers keep ownership of logs and incidents, so internal responsibility for mitigation should be clear before signing.
Proof of value may be available through sales.
Pricing compiled from public sources. Verify directly with the provider.
›› The team
- Analysts
- Direct employees · Innofactor employs approximately 600 professionals across Finland, Sweden, Denmark and Norway. MDR-specific analyst count is not published.
- Certifications
- Microsoft Certified ProfessionalMicrosoft Solution Partner designationsMicrosoft Advanced SpecializationsISO/IEC 27001:2022
- Channels
- Email · Phone · Portal
- Data access
- Full Query Access
- Portal
- Innofactor says the core infrastructure resides in the customer's Azure environment and customers retain ownership of logs and incidents. Public pages do not show a separate MDR portal workflow.
- Account manager
- Shared / pooled
›› Reputation
Innofactor has limited MDR-specific public review volume. The public buyer case rests on Nordic Microsoft expertise, Sentinel in the customer's Azure environment, tiered service levels and clear customer control of logs and incidents. Buyers should validate response authority, total licensing cost, add-on scope and Tier3 operating model before signing.
›› WHAT CUSTOMERS PRAISE
- — Microsoft Sentinel runs in the customer's Azure environment
- — Nordic delivery across Finland, Sweden, Denmark and Norway
- — Tiering makes the difference between business-hours monitoring and 24/7 service explicit
›› COMMON COMPLAINTS
- — No public MDRaaS pricing
- — Endpoint and network detection are add-ons
- — Specific response actions and SLA terms need quote-level confirmation
›› REDDIT (R/SYSADMIN, R/MSP)
No meaningful Reddit signal found for Innofactor MDRaaS specifically.
›› Questions to ask
›› 8 questions to ask Innofactor MDRaaS▾
- 1.
Which tier are we buying and does it include 24/7 monitoring?
- 2.
Are EDR, NDR, Defender, Darktrace and Sentinel licenses included or billed separately?
- 3.
Which response actions can Innofactor take directly and which require our approval?
- 4.
What contractual SLA applies to high-severity triage, escalation and response?
- 5.
What data, analytics rules, reports and incident records remain in our Azure environment if we leave?
- 6.
Which Microsoft Sentinel content is standard and which detections are customized for our environment?
- 7.
How often is threat hunting performed on Tier3 Advanced?
- 8.
Which CSOC location, shift model and analyst certifications apply to our contract?
›› Evidence
›› SOURCES REVIEWED
›› PUBLIC-DATA CAVEATS
- -No public contractual response-time SLA is recorded for this profile.
- -No public fixed price is recorded; compare only after a scoped quote.
- -No public breach warranty is recorded.
- -Response authority may depend on pre-approval and contract scope.
- -MDR analyst headcount or analyst-to-customer ratio is not public.